Summary
Key Points:
- CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Microsoft Office and HPE OneView.
- The vulnerabilities include CVE-2025-37164, which impacts all versions of HPE OneView prior to version 11.00. The risk is heightened by the public availability of a proof-of-concept exploit.
- Organizations are strongly advised to apply available hotfixes for affected versions of OneView and ensure updates are completed by January 28, 2026, to mitigate risks.
Technical Details: CVE-2025-37164 affects all versions of HPE OneView prior to 11.00, with active exploitation reported. The vulnerability's details were disclosed last month, and a proof-of-concept exploit was released on December 23, 2025.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned